Russian anti-virus company Doctor Web is warning users about the malignant program BackDoor.Saker.1, which is capable of bypassing the User Account Control (UAC). The program’s main function is to execute directives from criminals and, most importantly, to intercept user keystrokes (keylogging). In a compromised system, the Trojan launches the file temp.exe to bypass the UAC. […]
Over the weekend, Yeh, one of our Security Response Analysts, came across some interesting analysis on a Chinese language forum about an Android app that basically turns a mobile device into a hack-tool capable of stealing information from a connected Windows machine.He managed to find a sample (MD5:283d16309a5a35a13f8fa4c5e1ae01b1) for further investigation. When executed, the sample […]
I recently obtained a PoisonIvy sample which uses a legitimate application in an effort to stay under the radar.In this case, the PoisonIvy variant detected as BKDR_POISON.BTA (named as newdev.dll) took advantage of a technique known as a DLL preloading attack (aka binary planting) instead of exploiting previously known techniques. The malware was located in […]
Latest Comments